# 2022-11-16 Version 2.9.0
Notewhorth changes:
* Support sending server redirection PDU
* Ensure X11 client cursor is never smaller 1x1
* Fixed multiple client side input validation issues
(CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319,
CVE-2022-39320, CVE-2022-41877, CVE-2022-39347)
* Proxy server now discards input events sent before
activation was received
* Internal replacements for md4, md5 and hmac-md5
For the time being the RDP protocol requires these outdated hash
algorithms. So any distribution that wants to ship a working
FreeRDP should check the options WITH_INTERNAL_MD4 (and depending
on OpenSSL deprecation status WITH_INTERNAL_MD5)
Fixed issues:
* Null checks in winpr_Digest_Free
* Missing NULL return in winpr_Digest_New
* Support for audin version 2 microphone channel
* Discard input events before activation
# 2022-10-12 Version 2.8.1
Notewhorth changes:
* Fixed CVE-2022-39282
* Fixed CVE-2022-39283
* Remove ALAW/ULAW codecs from linux backends (unreliable)
* Added hash checks for android build script dependencies
Fixed issues:
* Fix build break with newer FFMPEG versions
* Updated flatpak with build script
* Better execinfo support check for android
* Header now defines DumpThreadHandles
* Check fullscreen state and not setting
* Send resize on window state change
* Audin macOS monterey fix
* Android build script update
# 2022-07-28 Version 2.8.0
Noteworthy changes:
* Backported API to get peer accepted channel option flags
* Backported API to get peer accepted channel names
* Backported Stream_CheckAndLogRequiredLength
* Add server side handling for [MS-RDPET]
* Add server side handling for [MS-RDPECAM]
* Remove ALAW/ULAW codecs from linux backends (unreliable)
* Relieve CLIPRDR filename restriction when connecting to non-MS Windows servers
* TLS version control
* Add a new command line arg to enforce tls1.2
Fixed issues:
* Prevent out of bound reads for FFMPEG
* Unwind support for backtrace generation
* wlfreerdp appid
* RAIL window restore
* Refactored WinPR thread locking
* Mac rdpsnd memory leak fixes
* Mac audin memory leak fixes
* Automatic android versioning
* GFX 10.7 capability support
* Server RDPSND API improvements
* Server DVC API improvements
* Fixed osMinorType values
* Add missing osMajorType values
* Fix wrong usage of subband diffing flag (tile artifact fix)
# 2022-04-25 Version 2.7.0
Noteworthy changes:
* Backported OpenSSL3 gateway support
* Backported various NTLM fixes
* Backported WINPR_ASSERT to ease future backports
Fixed issues:
* Use /network:auto by default
* Workaround for broken surface frame marker
* Support 10bit X11 color (BGRX32 only)
* GFX progressive double free
* Disable websockets with /gt:rpc
* RAIL expect LOGON_MSG_SESSION_CONTINUE
# 2022-03-07 Version 2.6.1
Noteworthy changes:
Fixed issues:
* Backported freerdp_abort_connect during freerdp_connect fix
* Backported improved version dection see docs/version_detection.md for details
* Backported various rdpsnd fixes
# 2022-02-22 Version 2.6.0
Noteworthy changes:
* Backported android FFMPEG build scripts
* Updated android build dependencies
Fixed issues:
* Fix PDU length for RDPINPUT_PROTOCOL_V300
* Sanitize optional physical monitor size values
* Wayland memory corruption
* Remove unused codec x264
* Allow resolutions larger 2048x2048
* FFMPEG 5.0 support
* Fixed device hotplugging
* GetUserNameExA: Prefer getpwuid_r over getlogin_r over getlogin
* Android Mediacodec support
# 2022-01-12 Version 2.5.0
Noteworthy changes:
* Fixed smartcard login in case a redirection occurs the pin was lost
* Backported windows client drawing fixes
* Backported improved macOS keyboard layout detection
* Backported TcpConnectTimeout
* Backported LibreSSL compatibility patches
* Backported signal handler backtrace
* Backported OpenSSL 3.0 support
Fixed issues:
* Wayland client clipboard issues
* Various fixes regarding registry emulation, addin loader
and updated locale detection
* Android android_register_pointer missing initialization
# 2021-10-20 Version 2.4.1
Noteworthy changes:
* Refactored RPC gateway parsing code
* OpenSSL 3.0 compatibility fixes
* USB redirection: fixed transfer lengths
Fixed issues:
* Length checks in ConvertUTF8toUTF16
* Added checks for bitmap width and heigth values
Important notes:
* CVE-2021-41159: Improper client input validation for gateway connections
allows to overwrite memory
* CVE-2021-41160: Improper region checks in all clients allow out of bound
write to memory
# 2021-07-27 Version 2.4.0
Noteworthy changes:
* Backported multithreadded progressive decoder
* Backported clipboard fixes
* Fixed remote file read
Fixed issues:
* RAILS clipboard remote -> local
* Support newer FFMPEG builds
* Use OpenSSL default certificate store settings
* Planar alignment fixes
The package changed with the addition of its libepoll-shim dependency.
Otherwise, we can get:
ERROR: libepoll-shim>=0.0.20210418 is not installed; can't buildlink files.
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Not committed (merge conflicts...):
net/radsecproxy/distinfo
The following distfiles could not be fetched (fetched conditionally?):
./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch
Changes between 2.1.2 and 2.2.0 (newer changes not preset in ChangeLog)
# 2020-07-20 Version 2.2.0
Important notes:
* CVE-2020-15103 - Integer overflow due to missing input sanitation in rdpegfx channel
Noteworty changes:
* fix: memory leak in nsc
* urbdrc
* some fixes and improvements
* build
* use cmake to detect getlogin_r
* improve asan checks/detection
* server/proxy
* new: support for heartbeats
* new: support for rail handshake ex flags
* fix: possible race condition with redirects
Fixed issues:
* #6263 Sound & mic - filter GSM codec for microphone redirection
* #6335: windows client title length
* #6370 - "Alternate Secondary Drawing Order UNKNOWN"
* #6298 - remoteapp with dialog is disconnecting when it loses focus
* #6299 - v2.1.2: Can't connect to Windows7
_SC_NPROCESSORS_ONLN whenever available, this covers also NetBSD; change
the #ifdef conditional for HW_NCPU to check for HW_NCPU rather than
explicit list of FreeBSD/OpenBSD
2.1.2 is mainly a security and bug fix release that addresses multiple
security issues indentified by Antonio Morales from GitHub Security Lab
(GHSL).
Besides the mentioned fixes there are also some stability and other
improvements.
# 2020-05-20 Version 2.1.1
Important notes:
* CVE: GHSL-2020-100 OOB Read in ntlm_read_ChallengeMessage
* CVE: GHSL-2020-101 OOB Read in security_fips_decrypt due to uninitialized value
* CVE: GHSL-2020-102 OOB Write in crypto_rsa_common
* Enforce synchronous legacy RDP encryption count (#6156)
* Fixed some leaks and crashes missed in 2.1.0
* Removed dynamic channel listener limits
* Lots of resource cleanup fixes (clang sanitizers)
* A couple of performance improvements
* Various small annoyances eliminated (typos, prefilled username for windows client, ...)
# 2020-05-05 Version 2.1.0
Important notes:
* fix multiple CVEs: CVE-2020-11039, CVE-2020-11038, CVE-2020-11043, CVE-2020-11040, CVE-2020-11041,
CVE-2020-11019, CVE-2020-11017, CVE-2020-11018
* fix multiple leak and crash issues (#6129, #6128, #6127, #6110, #6081, #6077)
Noteworthy features and improvements:
* Fixed sound issues (#6043)
* New expert command line options /tune and /tune-list to modify all client
settings in a generic way.
* Fixes for smartcard cache, this improves compatibility of smartcard devices
with newer smartcard channel.
* Shadow server can now be instructed to listen to multiple interfaces.
* Improved server certificate support (#6052)
* Various fixes for wayland client (fullscreen, mouse wheel, ...)
* Fixed large mouse pointer support, now mouse pointers > 96x96 pixel are visible.
* USB redirection command line improvements (filter options)
* Various translation improvements for android and ios clients
For a complete and detailed change log since the last release candidate run:
git log 2.0.0..2.1.0
# 2020-04-09 Version 2.0.0
Important notes:
* fix multiple CVEs: CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11524 CVE-2020-11525 CVE-2020-11526
* fix multiple other security related issues (#6005, #6006, #6007, #6008, #6009, #6010, #6011, #6012, #6013)
* sha256 is now used instead of sha1 to fingerprint certificates. This will
invalidate all hosts in FreeRDP known_hosts2 file and causes a prompt if a
new connection is established after the update
Noteworthy features and improvements:
* First version of the RDP proxy was added (#5372) - thanks to @kubistika
* Smartcard received some refactoring. Missing functions were added and input
validation was improved (#5884)
* A new option /cert that unifies all certificate related options (#5880)
The old options (cert-ignore, cert-deny, cert-name, cert-tofu) are still
available but marked as deprecated
* Support for Remote Assistance Protocol Version 2 [MS-RA]
* The DirectFB client was removed because it was unmaintained
* Unified initialization of OrderSupport
* Fix for licensing against Windows Server 2003
* Font smoothing is now enabled per default
* Flatpack support was added
* Smart scaling for Wayland using libcairo was added (#5215)
* Unified update->BeginPaint and update->EndPaint
* An image scaling API for software drawing was added
* Rail was updated to the latest spec version 28.0
* Support for H.264 in the shadow server is now detected at runtime
* Add mask=<value> option for /gfx and /gfx-h264 (#5771)
* Code reformatting (#5667)
* A new option /timeout was added to adjust the TCP ACK timeout (#5987)
For a complete and detailed change log since the last release candidate run:
git log 2.0.0-rc4..2.0.0
pkglint -r --network --only "migrate"
As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP),
released under the Apache license.
This package contains major version 2 of the library.
